Electronic devices such as mobile phones infected with Pegasus, a notorious spyware program sold only to governments, have been discovered in Zambia.

The spyware, developed by Israeli cyber warfare firm NSO Group, has been used to target Journalists and human rights activists across the world.

Tech experts say the spyware gives the attacker the ability to monitor, record, and collect existing and future data from the phone.

It falls into the category of surveillance tools “that are licensed to legitimate government agencies for the sole purpose of investigating crime and terror.”
NSO Group functions as a lawful company that creates advanced surveillance tools for Android and iPhone.

In a report titled ‘Hide and Seek’ which was released recently, Citizen Lab — a Canada based internet watchdog — identified 45 countries in which infected devices have been traced, after scanning the internet for servers associated with Pegasus spyware.

In a statement to Citizen Lab, NSO Group said: “Our product is licensed to government and law enforcement agencies for the sole purpose of investigating and preventing crime and terror. Our business is conducted in strict compliance with applicable export control laws.” It added that there are “multiple problems” with the Citizen Lab report, and that the list of 45 countries is inaccurate.

In response to the report, the Committee to Protect Journalists, a non-governmental organization advocating for the rights of journalists, issued a safety advisory; “The spyware gives the attacker the ability to monitor, record, and collect existing and future data from the phone. This includes calls and information from messaging applications and real-time location data. The spyware is able to remotely activate the camera and microphone to surveil the target and their surroundings … Journalists will likely only know if their phone has been infected if the device is inspected by a tech expert.”

Pegasus works on phones running Android, BlackBerry OS, and iOS operating software. It can be installed simply by clicking on a link, which is often designed to look like a message from a source or a breaking news story.

In its report, the Citizen Lab said that it had identified several operators of Pegasus that seem to be targeting African countries.

“We identify five operators focusing on Africa, including one that appears to be predominantly focusing on the West African country of Togo, a staunch Israel ally whose long-serving President has employed torture and excessive force against peaceful opposition. The operator in Togo may have used websites with names like “nouveau president” (“new president”) and “politiques infos” (“political information”) to infect targets with spyware. A separate operator that appears to focus on Morocco may also be spying on targets in other countries including Algeria, France, and Tunisia.”

Zambia’s ICT regulator ZICTA was not immediately available for a comment.